Trojan.MulDrop20.7582

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22106' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18724' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11904' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6636' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3029' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27001' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31347' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26010' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23562' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19054' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17665' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4167' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1839' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '151' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17372' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14944' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23500' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1588' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4906' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12266' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32007' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7679' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6049' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3040' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7197' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16905' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2579' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3108' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16355' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6777' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25282' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30450' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21293' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8554' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18572' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3208' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10756' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15605' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14315' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27379' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24800' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19264' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20931' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29958' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5656' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5928' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5577' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21791' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1289' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5677' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8665' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19432' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10505' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '728' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14635' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13414' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6327' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13477' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20113' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5975' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4780' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17544' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25769' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25701' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25733' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5456' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25900' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2301' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25439' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13283' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29549' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7805' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22870' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26849' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27578' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27468' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16952' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23730' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14913' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15432' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4387' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25549' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13456' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16743' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2138' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4880' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7747' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14813' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31027' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5420' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29659' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3061' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8575' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27080' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22110' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7186' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10185' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4219' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13624' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22362' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20674' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19101' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28029' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6809' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24401' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2390' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29570' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21523' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23279' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1058' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13933' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '351' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4329' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32448' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21371' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14793' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13534' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6547' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12916' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15264' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6735' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13886' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10337' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14216' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20181' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14237' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30388' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9147' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25062' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9136' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12706' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4067' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28721' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29738' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28348' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2778' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7055' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4046' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15385' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15034' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1488' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15825' = '<Full path to file>'
[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5939' = '<Full path to file>'

Malicious functions

To bypass firewall, removes or modifies the following registry keys

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'

Modifies file system

Creates the following files

C:\lsass.exe

Network activity

Connects to

'67.##.213.234':3128
'69.##0.204.235':3128
'69.##8.216.146':3128
'98.##2.122.177':3128
'12#.#38.82.195':3128
'74.##3.11.17':3128
'20#.#.127.186':3128
'12#.#06.6.238':3128
'24.##4.30.144':3128
'12.##8.210.134':3128
'88.#16.3.10':3128
'17#.#0.36.47':3128
'11#.#2.197.18':3128
'20#.#72.44.197':3128
'81.##3.161.227':3128
'89.##5.38.55':3128
'85.##7.141.15':3128
'71.#3.49.53':3128
'12#.121.6.2':3128
'19#.#53.99.182':3128
'72.##0.78.186':3128
'21#.#26.97.186':3128
'12#.#01.39.238':3128
'99.##0.76.148':3128
'66.##.222.151':3128
'12#.#.213.56':3128
'67.#60.6.57':3128
'72.##4.198.158':3128
'99.##6.244.33':3128
'68.##.137.58':3128
'72.##1.238.9':3128
'70.#.169.182':3128
'15#.#7.171.75':3128
'71.##0.208.106':3128
'66.##4.234.49':3128
'69.##1.45.249':3128
'76.##.61.100':3128
'12#.#25.190.30':3128
'18#.#10.169.222':3128
'20#.#3.134.47':3128
'75.#3.96.51':3128
'78.##.44.204':3128
'89.##0.20.242':3128
'89.##.227.164':3128
'70.##7.31.140':3128
'14#.#61.96.94':3128
'18#.#3.69.132':3128
'67.#2.3.13':3128
'76.##9.229.94':3128
'63.##5.24.76':3128
'59.##5.21.253':3128
'14#.#38.107.75':3128
'21#.#26.42.183':3128
'64.##3.135.90':3128
'18#.#22.81.157':3128
'94.##.112.244':3128
'22#.#37.99.43':3128
'85.##7.183.120':3128
'89.##9.79.30':3128
'12#.#3.123.82':3128
'68.##2.126.150':3128
'18#.#8.50.163':3128
'72.##2.230.221':3128
'71.##.115.162':3128
'89.##3.76.77':3128
'82.##.78.177':3128
'89.##7.49.216':3128
'89.#6.81.70':3128
'78.##7.67.72':3128
'85.##4.152.173':3128
'61.##8.152.39':3128
'76.##9.91.242':3128
'67.#8.94.55':3128
'87.##8.0.214':3128
'78.##.237.229':3128
'80.##7.211.202':3128
'96.##3.142.102':3128
'89.##.251.81':3128
'61.##.179.104':3128
'71.##3.61.186':3128
'86.##1.160.206':3128
'59.##.70.175':3128
'24.##.252.15':3128
'20#.#3.134.39':3128
'87.##.248.240':3128
'17#.#06.161.95':3128
'20#.#5.118.157':3128
'24.##.186.243':3128
'24.##7.239.225':3128
'74.##5.57.131':3128
'74.##0.85.141':3128
'24.##.248.239':3128
'66.##1.255.160':3128
'68.##0.126.186':3128
'12#.#24.67.63':3128
'19#.#99.93.63':3128
'12#.#21.186.194':3128
'24.##7.45.95':3128
'70.##1.16.243':3128
'20#.#3.134.44':3128
'76.##4.141.11':3128
'98.##5.28.148':3128
'17#.#04.136.149':3128
'76.##3.201.206':3128
'24.##7.190.229':3128
'60.##9.92.205':3128
'18#.#7.27.175':3128
'99.##4.148.209':3128
'68.##.167.233':3128
'21#.#0.160.188':3128
'66.##3.158.213':3128
'19#.#16.148.170':3128
'21#.#0.239.3':3128
'20#.#46.34.96':3128
'86.##4.234.91':3128
'66.##1.122.4':3128
'20#.#5.179.41':3128
'68.##8.208.76':3128
'87.##.119.73':3128
'21#.#13.54.252':3128
'11#.#5.32.51':3128
'89.##.210.72':3128
'21#.#24.87.18':3128
'20#.#03.130.47':3128
'76.##1.103.211':3128
'98.#8.97.16':3128
'64.##7.58.92':3128
'59.##.106.134':3128
'98.##6.229.238':3128
'64.##.186.180':3128
'76.#3.50.93':3128
'24.##9.185.3':3128
'98.##9.164.139':3128
'70.##6.174.68':3128
'72.##8.25.56':3128
'75.##2.22.127':3128
'24.#4.41.89':3128
'79.##.146.225':3128
'72.##0.76.212':3128
'24.##.39.120':3128
'76.##7.104.77':3128
'77.##0.51.253':3128
'65.##0.201.232':3128
'60.##.126.220':3128
'68.##.241.196':3128
'66.##6.234.116':3128
'78.##.241.53':3128
'21#.#93.62.251':3128
'89.#.64.243':3128

Miscellaneous

Creates and executes the following

'C:\lsass.exe' exe <Full path to file>

Executes the following

'<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней